"java.security.ProviderException: NSS module not available: fips" when using SecureRandom
When attempting to use the this image with an application using SecureRandom, I get the following error: Exception in thread "main" java.security.ProviderException: NSS module not available: fips at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:283) at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:103) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224) at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206) at java.security.AccessController.doPrivileged(Native Method) at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206) at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187) at sun.security.jca.ProviderList.getProvider(ProviderList.java:233) at sun.security.jca.ProviderList$3.get(ProviderList.java:148) at sun.security.jca.ProviderList$3.get(ProviderList.java:143) at java.util.AbstractList$Itr.next(AbstractList.java:358) at java.security.SecureRandom.getPrngAlgorithm(SecureRandom.java:558) at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:194) at java.security.SecureRandom.(SecureRandom.java:162)
Here is the class I used to produce this issue:
package test;
import java.security.SecureRandom;
public class HelloWorld {
public static void main(String[] args) {
System.out.println("Hello World");
SecureRandom random = new SecureRandom();
System.out.println(random.getAlgorithm());
System.out.println(random.nextInt());
}
}
The solution to this issue can be found here on Red Hats site: https://access.redhat.com/solutions/5696401
Could the image set 'security.useSystemPropertiesFile=false' in the java.security properties found in /usr/lib/jvm/jre-1.8.0-openjdk/lib/security/
This is the recommended setting from Red Hat to resolve this issue, and it will allow people to use this image without the need to create their own java.security file.